MdePkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Note that this change affects the actual return value from the
following functions. The functions documented that if an integer
overflow occurred, MAX_UINTN would be returned. They were
implemented to actually return an undefined value from the stack.

This change makes the functions follow their descriptions. However, this
is technically different from what callers may have previously
expected.

MdePkg/Library/BaseLib/String.c:
  - StrDecimalToUintn()
  - StrDecimalToUint64()
  - StrHexToUintn()
  - StrHexToUint64()
  - AsciiStrDecimalToUintn()
  - AsciiStrDecimalToUint64()
  - AsciiStrHexToUintn()
  - AsciiStrHexToUint64()

Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Co-authored-by: Erich McMillan <emcmillan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
Michael Kubacki 2022-11-08 15:29:05 -05:00 committed by mergify[bot]
parent 07251f3c6a
commit 321240b135
1 changed files with 32 additions and 8 deletions


@ -408,7 +408,10 @@ StrDecimalToUintn (
{ {
UINTN Result; UINTN Result;
StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result); if (RETURN_ERROR (StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result))) {
return MAX_UINTN;
}
return Result; return Result;
} }
@ -454,7 +457,10 @@ StrDecimalToUint64 (
{ {
UINT64 Result; UINT64 Result;
StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result); if (RETURN_ERROR (StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result))) {
return MAX_UINT64;
}
return Result; return Result;
} }
@ -501,7 +507,10 @@ StrHexToUintn (
{ {
UINTN Result; UINTN Result;
StrHexToUintnS (String, (CHAR16 **)NULL, &Result); if (RETURN_ERROR (StrHexToUintnS (String, (CHAR16 **)NULL, &Result))) {
return MAX_UINTN;
}
return Result; return Result;
} }
@ -548,7 +557,10 @@ StrHexToUint64 (
{ {
UINT64 Result; UINT64 Result;
StrHexToUint64S (String, (CHAR16 **)NULL, &Result); if (RETURN_ERROR (StrHexToUint64S (String, (CHAR16 **)NULL, &Result))) {
return MAX_UINT64;
}
return Result; return Result;
} }
@ -989,7 +1001,10 @@ AsciiStrDecimalToUintn (
{ {
UINTN Result; UINTN Result;
AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Result); if (RETURN_ERROR (AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Result))) {
return MAX_UINTN;
}
return Result; return Result;
} }
@ -1031,7 +1046,10 @@ AsciiStrDecimalToUint64 (
{ {
UINT64 Result; UINT64 Result;
AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Result); if (RETURN_ERROR (AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Result))) {
return MAX_UINT64;
}
return Result; return Result;
} }
@ -1077,7 +1095,10 @@ AsciiStrHexToUintn (
{ {
UINTN Result; UINTN Result;
AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result); if (RETURN_ERROR (AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result))) {
return MAX_UINTN;
}
return Result; return Result;
} }
@ -1123,7 +1144,10 @@ AsciiStrHexToUint64 (
{ {
UINT64 Result; UINT64 Result;
AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result); if (RETURN_ERROR (AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result))) {
return MAX_UINT64;
}
return Result; return Result;
} }
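Review bot: The new `return MAX_UINTN;` / `return MAX_UINT64;` path in StrDecimalToUintn() and the seven sibling wrappers is taken for every error status the `...S` call can return, not only overflow, and the sentinel is in-band, so a caller cannot tell a failed conversion from a string that really encodes the maximum value. The function header comments lie outside the visible hunks; if they still describe the maximum value as the overflow result only, they should be widened to cover any failure. Above each check I would add a comment such as `// Any error from StrDecimalToUintnS() yields MAX_UINTN; callers parsing untrusted text should call the S variant and check its status.` Since the commit message itself notes the observable return value changed, callers that feed the result into a length, count or index are worth auditing for how they handle the maximum value.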